Details of VAR-201902-0887

ID

VAR-201902-0887

TITLE

Denial of service vulnerability in OSI layer of SISCO_MMS_Lite suite MMS protocol

Trust: 0.6

sources: CNVD: CNVD-2019-05651

DESCRIPTION

MMSLite is a communication component development library based on the IEC61850 standard of substation network communication developed by SISCO Corporation of the United States. It is mainly used for intelligent electronic devices such as remote terminal units RTU, automatic relays, and programmable logic controllers PLC. There is a denial of service vulnerability in the OSI layer of the SISCO_MMS_Lite suite MMS protocol. An attacker could use this vulnerability to cause a denial of service attack and affect the normal operation of the device

Trust: 0.72

sources: CNVD: CNVD-2019-05651 // IVD: 04b69c34-2008-4d1e-af8e-475f6cfc1d3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 04b69c34-2008-4d1e-af8e-475f6cfc1d3d // CNVD: CNVD-2019-05651

AFFECTED PRODUCTS

vendor:	cisco	model:	mmslite	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	mmslite	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 04b69c34-2008-4d1e-af8e-475f6cfc1d3d // CNVD: CNVD-2019-05651

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-05651
value:	MEDIUM
Trust: 0.6
IVD:	04b69c34-2008-4d1e-af8e-475f6cfc1d3d
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2019-05651
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	04b69c34-2008-4d1e-af8e-475f6cfc1d3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 04b69c34-2008-4d1e-af8e-475f6cfc1d3d // CNVD: CNVD-2019-05651

TYPE

Denial of service

Trust: 0.2

sources: IVD: 04b69c34-2008-4d1e-af8e-475f6cfc1d3d

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-05651	Trust: 0.8
db:	IVD	id:	04B69C34-2008-4D1E-AF8E-475F6CFC1D3D	Trust: 0.2

sources: IVD: 04b69c34-2008-4d1e-af8e-475f6cfc1d3d // CNVD: CNVD-2019-05651

SOURCES

db:	IVD	id:	04b69c34-2008-4d1e-af8e-475f6cfc1d3d
db:	CNVD	id:	CNVD-2019-05651

LAST UPDATE DATE

2022-05-17T01:57:39.121000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-05651

date:

2019-02-28T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	04b69c34-2008-4d1e-af8e-475f6cfc1d3d	date:	2019-02-28T00:00:00
db:	CNVD	id:	CNVD-2019-05651	date:	2019-02-22T00:00:00